When it comes to security incidents, it’s not a matter of if or when, but what next? No security team ever keeps a perfectly clean sheet, and the planning you do now goes a long way towards determining how effectively you respond when something goes wrong.
Speaking ahead of a webinar to be hosted in South Africa, Cloudflare says it can be too easy for security leaders to get distracted with risk quantification, product purchase and solution implementation.
Meanwhile, you might not put enough effort towards actual crisis preparation.
You can’t buy institutional strength. Instead, it requires hard work from the leadership and team.
Here are Cloudflare’s strategies for creating an incident response plan and integrating it into your organisation:
Prioritise high-risk areas
Common examples of these high-risk areas include:
Although these categories are well known, consider as well how an incident starting with one of them might evolve over time. For example, you might get knocked offline, but what’s the plan if internal communication goes down too? Or if an employee account gets compromised while the attacker moves laterally into another area of the company?
Readiness for unexpected eventualities
Business continuity and crisis response are essential elements of any mature organisation. Still, few, if any, anticipated the magnitude of the COVID-19 impact. For example, the sheer speed and volume of the move to a remote workforce was totally unexpected. Nevertheless, many incident plans in place pre-COVID-19 have proven effective.
A solid incident response plan should include:
Also, take the time to invest in healthy relationships in case you need to reach out later, such as with law enforcement, peer companies and collaborative entities.
When a crisis does arise, here are some must-haves:
Finally, when the incident ends, it’s important to put together a written post-mortem to extract lessons learned. Instead of placing blame, focus on finding out what happened and why. It’s a good idea to wait about a week or so for this, so emotions cool down. Still, don’t wait so long that memory fades.
For incident response, communication is everything
Media fallout rarely focuses on security team configuration or what kind of tools were in place. Instead, incident communication is everything. Show empathy for the customer and build audience trust. For example:
Responding to a major outage - an incident response case study
In the summer of 2019, Cloudflare experienced a significant outage. It had to take down its service and quickly put it back up globally. Additionally, the incident was highly visible since customer Web sites became inaccessible. As incident planning was solidly in place, the team simply followed the game plan:
About a week later, Cloudflare published a detailed post-mortem. This transparent, detailed communication generated a great deal of goodwill with customers and industry partners. It all came from having a clear incident response plan in place from the start.
Cloudflare, in partnership with ITWeb, will host a webinar on 3 November to outline how security leaders can develop the institutional strength that defines a truly solid incident response plan. For more information and to register for this event, go to https://itweb.co.za/webinar/cloudflare-institutionalising-incident-response/registration